Design/Logic Flaw

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

CVE-2010-3316

CVE-2010-3316 affects the pam_xauth module of Linux-PAM before 1.1.2. The issue is in pam_xauth.c: the run_coprocess function does not validate the return values of setuid, setgid, and setgroups, which may allow a local attacker to read arbitrary files by exploiting the pam_xauth PAM check. The c...

CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

CVE-2010-3853

pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pamnamespace PAM...

CVE-2010-3853

pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pamnamespace PAM...

CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

This host is missing a critical security update according to Microsoft Bulletin MS07-053. OpenVAS Vulnerability Test $Id: gbms07-053.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege 939778 Authors: Madhuri D Copyright: Copyright c...

Ubuntu Update for eglibc, glibc vulnerability USN-1009-2

Ubuntu Update for Linux kernel vulnerabilities USN-1009-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN10092.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for eglibc, glibc vulnerability USN-1009-2 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-1009-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : eglibc, glibc vulnerability (USN-1009-2)

USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the 'man' program was installed setuid, a local attacker could exploit this ...

os-x/x86 intel - setuid shell x86_64 - 51 bytes

Exploit for os-x/x86 platform in category shellcode ========================================== OSX/Intel - setuid shell x8664 - 51 bytes ========================================== / Title: OSX/Intel - setuid shell x8664 - 51 bytes Date: 2010-11-25 Tested on: Mac OS X 10.6.5 - Darwin Kernel Versio...

OSX/Intel - setuid shell x86_64 - 51 bytes

OSX/Intel - setuid shell x8664 - 51 bytes. Shellcode exploit for osx platform / Title: OSX/Intel - setuid shell x8664 - 51 bytes Date: 2010-11-25 Tested on: Mac OS X 10.6.5 - Darwin Kernel Version 10.5.0 Author: Dustin Schultz - twitter: @thexploit http://thexploit.com BITS 64 section .text globa...

pam: pam_xauth missing return value checks from setuid() and similar calls

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

pam: pam_namespace executes namespace.init with service's environment

pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pamnamespace PAM...

Mandriva Update for pam MDVSA-2010:220 (pam)

Check for the Version of pam OpenVAS Vulnerability Test Mandriva Update for pam MDVSA-2010:220 pam Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs

elf/dl-load.c in ld.so in the GNU C Library aka glibc or libc6 through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LDAUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object DSO located in an arbitrary...

glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

nSense-2010-003: Cisco Unified Communications Manager

nSense Vulnerability Research Security Advisory NSENSE-2010-003 --------------------------------------------------------------- Affected Vendor: Cisco Systems, Inc Affected Product: Cisco Unified Communications Manager Platform: All Impact: Privilege Escalation Vendor response: Patch. IntelliShie...

Cisco Unified Communications Manager Privilege Escalation

nSense Vulnerability Research Security Advisory NSENSE-2010-003 --------------------------------------------------------------- Affected Vendor: Cisco Systems, Inc Affected Product: Cisco Unified Communications Manager Platform: All Impact: Privilege Escalation Vendor response: Patch. IntelliShie...